> - Are your employees allowed to check email through Outlook Web Interface
> integrated by MS Exchange Server? If Yes, then there is a problem.
The server is not directly reachable from the outside; we don't use OWI.

> - Do you have Trust-Relationship with either employee who could be able to
> do such things? (Internal Threat)
Noted

> - 0day exploits will not be easily available to anybody until and unless you
> have connections with those people who work 24/7 over this.
They only have to be available to the attacker, I guess ;) Depends on who you
have against you, the level we protect ourselves against is
industrial espionage. Let's say we are an interesting target.

> - Deploy/develop custom signatures (customize the Firewall/IDS rules for
> incoming email to check for any specific patterns) for similar spam emails
> to stop them from entering your mail server.
The data that went out were not your typical e-mails unfortunately :(

> While in consideration of above statements, there are many other dimensions
> to look at before approaching to the results of investigation directly.
>
> Good Luck!
Thanks :)